X / xAI Program Statistics



17 total issues disclosed

$10,150 total paid publicly

Most disclosed (4 disclosures) — Improper Access Control - Generic



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File | Information Disclosure | th0h0 | Medium | 2024-05-10 |
| Ability to see hidden likes | Improper Access Control - Generic | mirhat | Medium | 2024-05-10 |
| Bypassing x profile verification to receive instant blue checkmark and unlimited profile changes | Business Logic Errors | itsdavid | Low | 2024-03-26 |
| Able to see Twitter Circle tweets due to improper access control on the "FavoriteTweet" endpoint | Improper Access Control - Generic | bugra | Medium | 2024-03-01 |
| Ability to getting Twitter Blue verified badge without purchase it | Business Logic Errors | alp | Medium | 2024-02-22 |
| Improper santization of edit in list feature at twitter leads to delete any twitter user's list cover photo. | Insecure Direct Object Reference (IDOR) | greytesla | Medium | 2023-09-18 |
| Twitter Subscriptions Information Disclosure | Information Disclosure | mirhat | Medium | 2023-09-18 |
| The Deleted Polls is Still Accessable after 30 Days | Privacy Violation | eissen5c | High | 2023-02-13 |
| Chained open redirects and use of Ideographic Full Stop defeat Twitter's approach to blocking links | Security Through Obscurity | jub0bs | Medium | 2022-12-29 |
| Link-shortener bypass (regression on fix for #1032610) | Security Through Obscurity | jub0bs | Medium | 2022-12-12 |
| Remote 0click exfiltration of Safari user's IP address | Forced Browsing | max2x | Medium | 2022-06-15 |
| Identify the mobile number of a twitter user | Information Disclosure | aymen_mansour | Critical | 2022-03-29 |
| Blind XSS on Twitter's internal Jira panel at ████ allows exfiltration of hackers reports and other sensitive data | Cross-site Scripting (XSS) - Stored | iambouali | Critical | 2022-02-12 |
| Discoverability by phone number/email restriction bypass | Improper Access Control - Generic | zhirinovskiy | High | 2022-02-11 |
| Subdomain takeover of images.crossinstall.com | Business Logic Errors | ian | High | 2022-01-05 |
| PI leakage By Brute Forcing and Phone number deleting without using password | Improper Access Control - Generic | a13h1 | Medium | 2021-04-22 |
| 2 Subdomains Takeover at readfu.com | Privilege Escalation | m7mdharoun | Medium | 2021-03-15 |